Sony has responded to the recent cracking of the PlayStation 3, and the company claims that they can fix the issue – which ought to be impossible considering the scope of the hack. “We are aware of this, and are currently looking into it,” Sony said, “We will fix the issues through network updates, but because this is a security issue, we are not able to provide you with any more details.”
“The complete console is compromised – there is no recovery from this,” said pytey, a member of the fail0verflow group of hackers […] “The only way to fix this is to issue new hardware,” he said. “Sony will have to accept this.” http://www.bbc.co.uk/news/technology-12116051
Rough translation:
Edited 2011-01-08 00:21 UTC
Knowing next to nothing about PS3 security – the only thing I can think of is that their binaries are all signed with multiple keys, and that only one of their root keys has been compromised thus far, allowing them to blacklist the use of that key in future firmware updates.
Is that conceivable? If true, it seems like that would already be known to the hackers who have been exploring the PS3 – unless the current firmware and software hides the fact that other keys already exist and only Sony knows this.
If they whitelist all applications with the old key, they could add a new RSA key in firmware. But as I got it from the presentation, only one RSA key was used to sign and that one is hard burned into the PS3.
You must also not forget that a game on Blu-ray can’t change its encryption. And people paid for those games, so they would probably like to be able to play them. But if they plan to update RSA with new game versions through updates… I’m selling off all of my PS3 collection with the PS3. The HDD is way too small to fit updates for all the games I have. Thanks, but no thanks.
Edited 2011-01-08 01:10 UTC
They could blacklist the old key but have a checksum of all old games’ executables, so if the old key is used they just need to check if the hash is in the whitelist.
Replace a broken public key signing mechanism with a simple checksum database… I suspect that would make things easier for hackers, not harder.
To be fair though, that is a possible angle they could take and if they were careful enough it might work – but I highly doubt it.
They can use crypto quality checksums that are virtually impossible to forge.
Logistically it’s not that hard for them, as they already have checksums for every PS3 game in existence (they signed them after all).
Not so sure as a checksum is like a bit parity in the sense that it does not suffice to reconstitute the data that has been pari… (err, is there a word for that action?) or checksummed.
You do checksum from data. Using a different checksum algorithm requires the original data, not just the few bytes that form the old checksum. So yes, it may be a logistical nightmare for Sony.
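The "blacklist the old key, whitelist known hashes" idea debated in the comments above, sketched as an added example; it is not part of the original thread and not Sony's implementation. HMAC-SHA256 stands in for the console's signature scheme, and all key names, key ids and images are constructed.

```python
import hashlib
import hmac

# Constructed stand-ins. HMAC-SHA256 plays the role of the signature scheme so the
# example needs only the standard library; a console would use public-key signatures.
OLD_KEY = b"constructed-old-key"   # assumed public knowledge after the leak
NEW_KEY = b"constructed-new-key"   # assumed still secret to the vendor


def sign(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def build_allowlist(legacy_images) -> frozenset:
    """Hash every title released under the old key.

    This needs the full images: a SHA-256 digest cannot be derived from an
    existing signature or from an older, weaker checksum of the same data.
    """
    return frozenset(digest(img) for img in legacy_images)


def may_run(image: bytes, signature: bytes, key_id: str, allowlist) -> tuple:
    """Decide whether an image may run under the revoke-plus-allowlist policy."""
    if key_id == "new":
        ok = hmac.compare_digest(sign(NEW_KEY, image), signature)
        return (ok, "new-key signature valid" if ok else "bad signature")
    if key_id == "old":
        # The old key is revoked: a valid old-key signature proves nothing,
        # so the signature is ignored and only the digest is consulted.
        if digest(image) in allowlist:
            return (True, "legacy title on allowlist")
        return (False, "old key revoked, image not on allowlist")
    return (False, "unknown key")


# Constructed sample images.
RETAIL = b"constructed retail game image"
MODIFIED = RETAIL + b"\x00patched"
THIRD_PARTY = b"constructed image signed by someone holding the leaked key"
UPDATE = b"constructed post-fix system update"
ALLOWLIST = build_allowlist([RETAIL])
```

Whether a check like this can be enforced on a console whose root of trust is already compromised is what the commenters dispute; the sketch only shows the policy logic.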
Highly doubt it. There ARE multiple signing keys used for different things, and not all of them have been figured out yet – but the mechanism for figuring them out has been proven and it is simply a matter of time to collect them all. I imagine a highly competitive hacker’s version of Pokemon is taking place as we speak… They should name the signing keys for different consoles after Pokemon characters, that would be fun
I vote they call the PS3 game signing key Alakazam:
“Std Alakazam #1 weakness: low defensive stats yield little longevity. Std Alakazam #2 weakness: no way to heal status ailments with Recover and Leftovers, moderate longevity and low special defense.”
Since the original xbox signing key was never cracked, just worked around through exploits it should be Mewtwo:
Mewtwo weakness: Mewtwo is weak against any bug type move, any dark type move and any ghost type move.
If you ever played Pokemon this will make perfect sense, if not move along – there is nothing to see here
Edited 2011-01-08 01:26 UTC
Why do you want to name a Sony PS3 security breach after a Nintendo property?
It was an attempt at humor… obviously not a very good one from your response, but that’s all it was.
Of course we will fix it. And then the hackers will crack it again, and we’ll waste the money you paid us to actually make a product on yet more DRM crap, which will be broken yet again. Thank you very much for supporting us, please give us more of your money so we can piss it away rather than working on actual innovative things like new products. Sincerely, Sony.
I do agree and find DRM on the whole a waste of time, it’s annoying and only a couple of implementations have been done in which they work in a way I find acceptable, Steam and to a lesser degree iTunes.
However even though Sony are the kings of the worst of the DRM, they are in a sort of a bind. They will have to make some strong statements as games developers will start wondering if it’s a good idea to develop a £1million game if there’s a chance a big percentage of the games will be pirated. One of the fundamental promises that game platforms offer is that they will be as pirate-free as possible to attract the developers to the platform.
I think Sony shouldn’t have wasted their time and our money on removing features such as Linux, and should have stopped being greedy by removing PS2 compatibility and instead charging us for games we already own; this was a selling point for the PS2, being able to play PS1 games. However I do hope that Sony gets this under control and it’s going to hurt the gamers when developers say, sod it, the potential loss through piracy is too high, let’s skip the platform. We already see this with a lot of games due to the difficult development tools and environment, another blow will really hurt the platform.
I don’t think any game platform is pirate free…
In fact, PS3 was pretty much the last to fall so by your reckoning virtually all games should be available exclusively for the PS3.
Xbox 360, Wii, PSP and DS have been cracked for years, and there are huge numbers of games downloadable from torrent sites for them. PC games are routinely cracked and piracy is rampant there too, as is piracy on the mobile platforms.
If developers refuse to develop for PS3 then piracy won’t be the reason, although it will probably be used as an excuse…
I would argue that there are fewer pirates on the PS3 than other platforms. The vast majority of games are already available on Xbox 360 and/or Wii, the PS3 has a relatively small number of exclusive titles so anyone wanting to pirate games which are cross-platform will already own one of the other consoles long before the first PS3 hacks came out.
Pirates are typically averse to spending money, so the idea of buying a PS3 to play the few exclusive games for that platform probably isn’t worth the money.
“Pirates are typically averse to spending money”
Not true, at least not in my case. Yes you can call me a pirate (900 Gigabytes of games and 613 Gigabytes of video files) but I am also a PURCHASER. I buy books, movies and games. I have an Xbox, Wii and had a PS3 before I sold it, and was not averse to buying games for them.
In fact, the reason I don’t have a PS3 anymore is because Sony took away OtherOS, all because they were afraid of piracy. Well, joke’s on them, ’cause I sold my PS3 and they’re not getting my money now!
Isn’t it funny how there was virtually no news of PS3 piracy before they removed OtherOS? Before, there was no legitimate excuse to hack the PS3 because people could already run Linux (albeit without access to 3D acceleration), and now all the pirates are going to use running Linux as their covert reason!
“and now all the pirates are going to use running Linux as their covert reason!”
Nope, piracy is not the main purpose of the hackers that broke the PS3 wide open, with its organs still beating with life. The hackers wanted to… HACK ! Sony removed the hack service provided through OtherOS, they restored back the hack service through… hacking the console. Pirates don’t have the knowledge to do that (otherwise the console would have been wide open long before) but instead are pro at bittorrent.
Currently the hackers have withdrawn some vital information that could lead to widespread piracy on the PS3, mostly because they are not pirates, they just wanted to access a legacy feature of their bought console: OtherOS! However since reaching this point required breaking several barriers, the last obstacles to piracy are now pretty thin, and of course, pirates will be eager to spend their money on the new USB dongle instead of original games.
The hackers did a pretty good job at trying to revert the console back to its original claims. Buy a car with integrated GPS and TV/radio, whatever. Then after 2 years the manufacturer comes to you, opens your car with a special key and removes them for “your own safety, you’re supposed to drive, not listen to music or whatever”. Silly behavior, hackers are not so stupid as not to protest.
What would be cool is to ‘enable’ piracy through the use (recompilation ?) of Linux, so that pirates wouldn’t be just covering their ass pretending the hacking exploit is to play with Linux, they would actually HAVE to use it, if not code it to actually play their pirated games. At least they’ll get some knowledge, that, perhaps would use the force on the Jedi front…
Kochise
I phrased it poorly. I didn’t mean the pirates were behind this – I agree that they barely have the technical skill. I meant that now that there’s a legitimate (if TOS breaking) reason to hack your console, then purveyors of tools that just so happen to enable piracy (that is to say, not the ones that actually just happen to enable it, but those with the goal of it – sarcasm is a pain in the ass in text) can claim the main purpose is Linux, and they can’t be held responsible for the reprehensible and illegal acts of their entire community.
Right, I’m sure the millions that pirated Crysis all had junker pcs.
Anyone who has spent time around pc gamers knows that piracy is not something that only happens in third world street markets.
http://www.binplay.com/2011/01/pc-gamers-and-their-lame-excuses-for…
All consoles should come open since all those Fantastic homebrew games I have played over years, I can’t name single because they were so Fantastic that I forgot the names. The piracy thing is lie and only makes platform more popular. There hasn’t been single proof that platform, not even Amiga that was just so Awesome that evil business men had to kill it, or game company would gone bust due piracy. And if they did they should just release Fantastic homebrew games with ads, because gamers just love ads.
I bought My console with my own money that I got from social service, that was paid by other people taxes, so I can do whatever I want it. No people ever has downloaded pirated games, they are just testing because lot of games are so bad or getting backup copy because DVD’s scratch so easily and are product of evil business men. Demos don’t since if I can’t play it till end I can’t be sure if it was good game.
I don’t mean to be disrespectful, mean or contemptuous, but is there some hidden irony in the syntax that I don’t get because the subtlety of it evades me?
It seems kind of like a scripted PR reply, not one based on a comprehensive understanding of the vulnerability.
From what I’ve gathered, this cannot be fixed by a “firmware update”.
Sony would have to do an impractical mass recall to fix this problem.
Not likely, it’s cracked for good.
From what I’ve gathered, this cannot be fixed by a “firmware update”.
Indeed. The master key has been found allowing one to generate perfectly valid signatures as many as one likes, and the master key is burned in the hardware and cannot be updated via software.
Sony cannot remove access to the master key, they cannot change it, and if they blacklisted it in software they’d be blacklisting all the signatures made with it thereby also blacklisting themselves.
I don’t see how they’re planning to fix this, and I really do think this is nothing more than a PR stunt; they are afraid of losing games publishers because of this. Of course, any games publisher worth their salt already knows the ramifications of master key being leaked and they know it can’t be fixed.
Kevin Butler, Playstation VP of extraordinarily bogus claims.
Edited 2011-01-08 18:11 UTC
PS4
That’s right. It is time that Sony abandoned PS3, bring out PS4, once they have figured out how to defend the next platform against these sort of hacks.
Bring it out, it can be mostly backwards compatible, perhaps let existing owners get a trade-in value and move on. Nothing to see here.
“Bring it out, it can be mostly backwards compatible, perhaps let existing owners get a trade-in value and move on. Nothing to see here.”
If backward compatibility is kept, crack compatibility is kept as well, so hackers will not even have to move a finger, the console will be hacked from its roots (kit?)…
Kochise
It’s a fair suggestion given how long the PS3 remained uncracked. Sony made some errors that can be easily corrected in the next version.
Oh, so if a “security issue” that just happens to give back paying users of a Sony computer system their rights to use features that Sony themselves took away, then Sony takes it seriously.
But if they themselves compromise security on other computers by willfully installing rootkits on systems probably not “owned” or at least not able to be controlled by them, then it’s OK.
F***ing hypocrites.
Seriously, I wish Konami would re-release the Silent Hill series on the Xbox 360. Being a life-long Nintendo fan and having a general dislike for Microsoft since about halfway through Windows XP’s life, I would normally say Wii, but GameCube controllers are getting rare and hard to find and I doubt the “Classic Controller” would work very well… but who knows? Maybe it would work out and I would be pleasantly surprised. [Haven’t used the Classic Controller Pro… maybe it would be even better. Just no stupid, forced motion controls tacked on just to get additional sales.] It’s not like those games require high definition to look good, as it wasn’t even around at the time to begin with (at least, not well supported and forced onto us like it is now).
At least the original three games in the series, maybe Metroid Prime Trilogy-style (three games, one disc). That way, my *only* two reasons for owning a PS2 (Castlevania: Symphony of the Night and the Silent Hill series) will be gone. I hate Sony as a company, and I wish I could get rid of the last Sony product I have (and probably the only Sony product I’ve ever owned). The best thing Sony did was E3 2006–I had endless entertainment and made fun of them for months after that. In fact, I still do occasionally (can’t get enough of that Giant Enemy Crab…).
Ah… memories. Sony’s E3 2006 conference was great almost all the way through for all the wrong reasons. A great year and one of a kind for video game comedy.
Edited 2011-01-08 16:30 UTC
Well, if Sony were to give users the right to run on the PS3 whatever any developer freely created, the console would cost ~$500, and that’s after the last post-Christmas 50% discount.
Well, it wouldn’t show up on the market at all, as the whole business model wouldn’t work at all.
I think that the only model that is fair and would cater for development costs would be a subscriber-oriented one (à la digital TV) where one would only lease devices (along with access to some game channels) for a monthly fee.
On the other hand they could frankly declare their ROI requirements and for example commit themselves to some level of units sold after which the platform would be opened for some homebrew development.
Edited 2011-01-09 00:19 UTC
This is because they lose money on the system just to make it back on games. It is being dumped and they are doing everything in their power to deny the end user the right to use what they bought. This is worse than anything the CIA ever did.